Description of the breach:ESEA alerted their users on December 30 that they had received notice on December 27 that their system had been breached. Although the exact number of records compromised is unknown, many websites are reporting that 1.5 million user records were compromised in the breach.

ESEA has not asserted when the records were breached, but is urging all users to immediately reset their account passwords and security questions, as well the passwords and security questions on different websites where they may have reused their login credentials.

ESEA is also advising users to be wary of unsolicited communications that ask for personal information. It is recommended that you go directly to the ESEA website in a new browser to reset passwords or update security questions instead of clicking on links in an email related to the breach. Hackers are known to use information from large data breaches in phishing scams that lure individuals into clicking on dangerous links.